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(54) Method for managing globally distributed software components 



(57) Methods and systems are provided which 
make security, licensing, and browsing capabilities of di- 
rectory services available for use with the Java lan- 
guage and environment, and thus provide an alternative 
to security restrictions imposed on Java applets. A Java 
component type is created in a directory services sche- 
ma. The Java component type specifies where a Java 
class can be found in a LAN or on the Internet The key 



attributes of the Java component type are its common 
name (specifying a Java class) and either a reference 
to the file containing the Java class's byte codes or a 
binary stream attribute containing the byte codes. The 
loadClass () method is extended to look for Java classes 
within a directory services database. The directory serv- 
ices features thus made available include support for se- 
curing, metering, and licensing individual Java classes. 
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Description 

Field of the Invention 

[0001] The present invention relates to a computer- 
implemented method for managing software compo- 
nents in a computer network, and more particularly to a 
method for locating, loading, securing, licensing, for me- 
tering Java classes which reside on a local network or 
on the Internet. 

Technical Background of the Invention 

[0002] ' Modern information technology provides a 
vast array of software items to meet many different 
needs. However, after a need is identified, the sheer vol- 
ume of available technology makes locating suitable 
items difficult. Systems of the items they provide may 
duplicate the functionality of other systems or items. Dif- 
ferent pieces of software often behave inconsistently. 
Accessing and using items if difficult because items are 
often available only through systems that are not com- 
patible with the system on which the items would be 
used. 

[0003] Furthermore, accessing items through the In- 
ternet, though tremendously useful, is inherently unsafe 
and unreliable at present. A location that was uninfected 
yesterday may be virus-ridden or simply unavailable to- 
day. It is difficult to ensure that virus, a snoop, or other 
undesired software has not been embedded in or sub- 
stituted for a component. It is also difficult to track use 
of components for license and accounting purposes, so 
there is less commercial incentive to make Internet soft- 
ware library servers continually available and secure. 
[0004] As used herein, "Internet server," "Internet cli- 
ent" and like terms refer to a computer that is identified 
by an Internet address. Internet addresses are dis- 
cussed in E. Kroll, the Whole Internet: User's Guide and 
Catalog, second edition, ISBN 1-56592-063-5 (Internet 
Guide), pages 23-24. 

[0005] One approach to reducing these problems re- 
lies on the applet feature of the Java programming lan- 
guage and environment. (Java is a trademark of Sun 
Microsystems, Inc.) The Java language and environ- 
ment are described in The Java Programming Lan- 
guage, be Ken Arnold and James Gosling, ISBN 
0-201-63455-4 (Java Programming Language) and in 
other commercially available books, CD-ROMs, Web 
sites and the like. A wide variety of Java software com- 
ponents, Java browser controls, Java automation ob- 
jects, and related tools are commercially available; 
[0006] The Java programming language supports 
miniature application programs called " applets" that are 
executed while users view World Wide Web pages. Ap- 
plets are linked or included in Web pages through 
HTML, much as images and links to other pages are 
included. When a user selects the highlighted or under- 
lined portion of the Web page that corresponds to the 



applet, "byte codes" corresponding to the applet are 
transferred across the Internet to a Java interpreter in 
the user's Web browser. The Java interpreter "inter- 
prets" the applet byte codes by translating them one (or 

5 a few) at a time into binary code that can be executed 
on the user's Computer, executing the binary code, 
translating the next byte code(s), and so on. Thus, a giv- 
en applet may run on any machine which a Java inter- 
preter is available, without any need for revision of the 

10 applet by a programmer. 

[0007] To provide security, however, applets labor un- 
der a number of restrictions. Applets are forbidden to 
read from or write to the local user's hard drive. They 
are not allowed to read system properties, to run pro- 

15 grams, to load dynamic link libraries, or to establish net- 
work connections with any site except the site from 
which the original applet was downloaded. 
[0008] Programmers will immediately appreciate the 
difficulties raised in trying to write useful programs that 

20 cannot freely access the disc, RAM, and other system 
resources. The problems inherent in restricting network 
connectivity are somewhat subtler but also severe. As 
noted, applets can only look at and download from the 
site where the applet was originally located. This was 

25 designed as a security feature in that the Web site the 
applet came form is deemed secure, while all other sites 
are presumed to be insecure. But there is nothing inher- 
ently secure about a location just because an applet was 
downloaded from it. 

30 [0009] These severe restrictions are enforced at least 
in part by the Web browser and its interpreter; Applets 
are not designed to run as stand-alone programs. The 
applet only displays to a local screen area. The Web 
browser and/or the interpreter filter out any byte codes 

35 in the applet that read from the local disk, write to the 
local disk, or in general, do anything that leaves perma- 
nent results in a client computer's storage medium. In 
some interpreters, the security features can be disabled, 
but this makes the client system vulnerable to viruses 

40 and the other problems noted above. 

[0010] The byte codes in applets and other Java pro- 
grams are organized into "classes" which define "meth- 
ods"(similar to procedures or functions in other pro- 
gramming languages), "objects" (which are instances of 

45 classes), and/or "interfaces" (which declare methods 
but do not implement them). Java classes, methods, ob- 
jects, and interfaces are familiar to those of skill in the 
art. 

[0011] Only locally loaded classes are available to 
50 Java clients; a list of the loaded classes is kept in a local 
hash table by the computer that loaded the classes. 
Classes that an applet or Java program or its classes 
refers to are loaded as needed, unless doing so violates 
one of the Java security restrictions. An applet or a Java 
55 class "refers to" a class definition when it contains a 
class definition, is capable of reading and/or writing a 
field that is defined by a class definition, and/or is capa- 
ble of invoking a method that is defined by a class def- 
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inition. Java applets, Java applications, and Java class- 
es all refer to Java class definitions. These Java con- 
cepts are discussed at length in Java Programming Lan- 
guage and/or other commercially available references. 
[001 2] A given class may be used in many applets or 
stand-alone Java programs. However, the present Java 
language and environment provide no well-established 
way to license and charge for uses of individual classes. 
For example, if a class were "checked out" of a class 
library by a user for 16 minutes, ideally 16 minutes of 
access at a rate suitable for that class would be billed. 
[0013] Similarly, there is no well-established way to 
ensure that a user has a valid license for an individual 
Java class. For example, if a company has a 1 00-person 
site license for a given class, a warning or refusal or sur- 
charge would ideally be presented when the 101 con- 
current user from that company requests the class. 
[0014] A tool that has not previously been used in 
managing Java classes is known as a "directory servic- 
es provider". Directory services providers vary but in 
general they help administer both the location of net- 
work resources and the rights of network users to use 
those resources. One well-known directory serves pro- 
vider includes NetWare Directory Service ("NDS") soft- 
ware commercially available form Novell, Inc. of Orem, 
Utha (Netware Directory Services and NDS are trade- 
marks of Novell, Inc.) 

[0015] The directory services provider includes a 
schema. The schema includes a set of "attribute syntax" 
definitions, a set of "attribute" definitions, and a set of 
"database object class" definitions. The NDS software 
and a default NDS schema are described in Bierer et 
al., Netware 4 for Professionals, ISBN 1-5605-217-9 
("Netware 4"), pages 255-3422. The terms attribute" 
and "property" are used interchangeably in Netware 4 
and herein, as are the terms "attribute syntax" and 
"property syntax". 

[0016] Each attribute syntax in the schema is speci- 
fied by an attribute syntax name and the kind and/or 
range of values that can be assigned to attributes of the 
given attribute syntax type. Attribute syntaxes include, 
without limitation, Case Exact String (case-sensitive 
string), Case Ignore List (case-insensitive string), E-Mail 
Address, Net Address (valid addresses include IPX and 
Apple Talk), Patch,and Stream (to access data not 
stored directly in NDS database files). Attribute syntax- 
es correspond roughly to data types such as integer, 
float, string, file, stream, or Boolean in conventional pro- 
gramming languages. 

[0017] Each attribute in the schema has certain infor- 
mation associated with it. Each attribute has an attribute 
name and an attribute syntax type. The attribute name 
identifies the attribute, while the attribute syntax limits 
the values that are assumed by the attribute. For in- 
stance, the default NDS schema includes an attribute of 
syntax type integer having the name "supported con- 
nections" which specifies the number of concurrent con- 
nections a file server allows. 



[0018] Each attribute may also have associated with 
it any or all of the following flags: Non-removable, Hid- 
den, Public Read, Read Only, Single-Valued, Sized, and 
String. The general meanings of these flags are familiar 
s to those of skill in the art. If the Sized flag is set for a 
given attribute, then upper and lower bounds (possibly 
including No Limit) are imposed on values currently held 
by that attribute. 

[0019] Each database object class in the schema also 

10 has certain information associate with it. Each database 
object class has a class name which identifies it, a set 
of super classes that identifies the other classes from 
which this class inherits attributes, and a set of contain- 
ment classes that identifies the classes permitted to 

15 contain instances of this class. 

[0020] Each database object class also has a contain- 
er flag and an effective flag. The container flag indicates 
whether the class is a container class, that is, whether 
it is capable of containing instances of other database 

20 object classes. The effective flag indicates whether in- 
stances of the class can be defined. 
[0021] Non-effective database object classes are 
used only to define attributes that will be inherited by 
other classes, whereas effective classes are used to de- 

25 fme -inheritable attributes, to define instances, or to de- 
fine both. 

[0022] In addition, each database object class groups 
together certain attributes. The naming attributes of a 
database object class are those attributes that can be 

30 used to name instances of the class. The mandatory at- 
tributes of a database object class are those attributes 
that must exist in each valid instance of the class and/ 
or become mandatory attributes of classes which inherit 
form the class. The optional attributes of a database ob- 

35 ject class are those attributes that may, but need not, 
exist in each valid instance of the class. Optional at- 
tributes of a parent class become optional attributes of 
a child class which inherits form the parent class, unless 
the attributes are mandatory in some other parent class 

40 from which the child inherits, in which case they are also 
mandatory in the child. 

[0023] A database object is an instance of a database 
object class. Different database objects of the same 
class have the same mandatory attributes but may have 
45 different current values in their corresponding mandato- 
ry attributes. Different database objects of the same 
class may have different optional attributes, and/or dif- 
ferent current values in their corresponding optional at- 
tributes. 

50 [0024] NDS database object classes do not necessar- 
ily correspond in a one-to-one manner with Java class- 
es, nor do NDS database objects necessarily corre- 
spond one-to-one with Java objects. It is unfortunate but 
nonetheless true that words such as "class" and "object" 

55 are widely used to mean different things even by pro- 
grammers who are talking about computer programs 
and the like. 

[0025] The directory services provider also includes 
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a directory services interface library which provides ac- 
cess to the schema and to a database. The schema is 
an API-extensible schema in that the attributes and ob- 
ject classes found in the schema can be altered through 
an Application Programmers Interface ("API") without 
direct access to the source code that implements the 
schema. In some embodiments the directory services 
interface library includes table or commands stored in 
file which is read by the schema during its initialisation 
and when database objects are created, thereby defin- 
ing the available attributes and classes. 
[0026] In addition or as an alternative, the directory 
services interface library includes a set of routines that 
are available to other code to access and modify the 
schema. One implementation of the directory services 
interface library includes an NWDSxxx( ) library that is 
commercially available from Novell, Inc. of Orem, Utah. 
The NWDSxxx() library is so named because the names 
of functions and datatypes defined in the library typically 
begin with "NWDS", an acronym for "NetWare Directory 
Services". It would be a straightforward task for one of 
skill in the art to access the NWDSxxx( ) library from a 
Java program or a Web browser. 
[0027] The directory services database contains da- 
tabase objects that are defined according to the schema 
and the particulars of the network. These objects typi- 
cally represent resources of the network. The database 
is a "hierarchical" database because the objects in the 
database are connected in a hierarchical tree structure. 
Objects in the tree that can contain other objects are 
called "container objects" and must be instances of a 
container object class. 

[0028] The database is also a "synchronized-parti- 
tion" database. The database is typically divided into 
two or more non-overlapping partitions. To improve the 
response time to database queries and to provide fault- 
tolerance, a replica of each partition is physically stored 
on one or more file servers in the network. The replicas 
of a given partition are regularly updated by the directory 
services provider through automated synchronization 
process, thereby reducing the differences between rep- 
licas caused by activity on the network. 
[0029] Other network administration tools which the 
Java environment fails to utilize are NWAdmin and its 
possible "snap-in" modules. 

[0030] Thus, it would be an advancement in the art to 
provide a novel method for managing Java classes 
which are distributed in a computer network.lt would be 
an additional advancement to provide such a method 
which takes advantage of the security and licensing ca- 
pabilities of directory services providers. 
Such a method for managing software components is 
disclosed and claimed herein. 

Brief Summary of the Invention 

[0031] The present invention provides methods and 
systems that merge complementary capabilities of di- 



rectory services and of the Java language and environ- 
ment. The invention provides an alternative to Java ap- 
plet security restrictions. 

[0032] According to one method of the invention, a 

5 Java component type is created in a Novell directory 
services schema. The Java component type specifies 
where a Java class can be found in a LAN or on the 
Internet. The key attributes of the Java component type 
are its common name (specifying a Java class) and a 

10 Universal Naming Convention ("UNC) reference to the 
file containing the Java class's byte codes and other 
contents. The load Class ( ) method is extended to look 
for Java classes within the directory services database. 
[0033] In another embodiment, a new directory serv- 

is ices Java component type is also created, but the key 
attributes are the Java class common name and a binary 
stream attribute. The binary stream contains the Java 
class's byte codes and other contents. Multiple classes 
may be stored in the stream by "zipping" them together 

20 with a utility such as the PKZIP tool. Like the first em- 
bodiment, this embodiment requires a lookup capability 
that is implemented as an extension of the Java Class- 
Loader class. 

[0034] Software components that can be represented 
25 thus in the directory services database include applets, 
Java classes, and pieces of software that refer to applet 
or Java classes. All the features of Novell's directory 
services become available for locating, securing, and li- 
censing individual Java classes or groups of classes or 
30 applets or programs. The severe restrictions imposed 
by applets can be replaced by the more flexible and well- 
established security features of NDS. 
[0035] Other features and advantages of the present 
invention will become more fully apparent through the 
35 following description. 

Brief Description of the Drawings 

[0036] To illustrate the manner in which the advantag- 
40 es and features of the invention are obtained, a more 
particular description of the invention summarized 
above will be given with reference to the attached draw- 
ings. These drawings only provide selected embodi- 
ments of the invention and are not therefore to be con- 
45 sidered limiting of its scope. In the drawings: 

FIG. 1 is a diagram illustrating a computer network 
suitable for use with the present invention. 
FIG.2 is a diagram illustrating relationships be- 
so tween a software component client, a software 
component server computer, a hash table, and a 
database according to the present invention. 
FIG.4 is a diagram illustrating a directory services 
provider and database. 
55 FIG. 3 is a diagram illustrating a software compo- 
nent suitable for use with the present invention. 
FIG.5 is a diagram illustrating one embodiment of a 
component database object according to the 
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present invention. 

FIG.6 is a diagram illustrating an alternative embod- 
iment of a component database object according to 
the present invention. 

FIG.7 is a flowchart illustrating a method of the 
present invention. 

FIG.8 is a flowchart illustrating another method of 
the present invention. 

Detailed Description of the Preferred Embodiments 

[0037] The present invention relates to a method and 
apparatus for locating, loading, securing, licensing, and/ 
or metering packages, classes, or other software com- 
ponents. Suitable software components include Java 
classes. As noted, Java classes may be, but are not re- 
quired to be, invoked by a Java applet 
[0038] The software components reside on a compu- 
ter network such as a local network, wide area network, 
and/or the Internet; as noted above "Internet" as used 
herein includes variations such as a "private Internet", 
"secure Internet", "value-added network", or "intranet". 
The computers connected by the network may be work- 
stations, laptop computers, disconnectable mobile com- 
puters, file servers, or a combination thereof. The net- 
work may include one or more LAN's, wide area net- 
works, Internet servers and clients, intranet servers and 
clients, or a combination thereof. 
[0039] One of the many computer networks suited for 
use with the present invention is indicated generally at 
1 0 in FIG. 1 . In one embodiment, the network 1 0 includes 
Novell Netware network operating system software 
(NETWARE is a registered trademark of Novell, Inc.) 
and Novell's NetWare Directory Services Software. In 
alternative embodiments, the network includes Net- 
Ware Connect Services, VINES, Windows NT, Windows 
95, LAN Manager, or LANtastic network operating sys- 
tem software and an implementation of a distributed hi- 
erarchical partitioned object database according to the 
X.500 protocol (VINES is a trademark of Banyan Sys- 
tems, NT, WINDOWS 95, and LAN MANAGER are 
trademarks of Microsoft Corporation; LANTASTIC is a 
trademarks of Artisoft). The network 10 may include a 
local area network 12 which is connectable to other net- 
works 14, including other LANs or portions of the Inter- 
net or an intranet, through a gateway or similar mecha- 
nism. 

The network 10 includes several file servers 16 that are 
connected by network signal lines 1 8 to one or more net- 
work clients 20. The file servers 16 and network clients 
20 may be configured by those of skill in the art in a wide 
variety of ways to operate according to the present in- 
vention. The file servers 16 may be configured as Inter- 
net servers, as intranet servers, as directory services 
providers or name servers, as software component 
servers, or as a combination thereof. The servers 16 
may be uniprocessor or multiprocessor machines. The 
servers 16 and clients 20 each include an addressable 



storage medium such as random access memory or a 
non-volatile storage medium such as a magnetic or op- 
tical disk. 

[0040] Suitable network clients 20 include, without 
5 limitation, personal computers 22, laptops 24, and 
workstations26. The signal lines 18 may include twisted 
pair, coaxial, or optical fiber cables, telephone lines sat- 
ellites, microwave relays, modulated AC power lines, 
and other data transmission "wires" known to those of 
10 skill in the art. In addition to the network client computers 
20, a printer 28 and an array of disks 30 are also at- 
tached to the network 10. 

[0041] Although particular individual and network 
computer systems and components are shown, those 
15 of skill in the art will appreciate that the present invention 
also works with a variety of other networks and comput- 
ers. 

The file servers 16 and the network clients 20 are capa- 
ble of using floppy drives, tape drives, optical drives or 

20 other means to read a storage medium 32. A suitable 
storage medium 32 includes a magnetic, optical, or oth- 
er computer-readable storage device having a specific 
physical substrate configuration. Suitable storage de- 
vices include floppy disks, hard disks, tape, CD-Roms, 

25 Proms, Ram, and other computer system storage de- 
vices. The substrate configuration represents data and 
instructions which cause the computer system to oper- 
ate in a specific and predefined manner as described 
herein. Thus, the medium 32 tangibly embodies a pro- 

30 gram, functions, and/or instructions that are executable 
by the file servers 16 and/or network client computers 
20 to perform directory services object and software 
component management steps of the present invention 
substantially as described herein. 

35 [0042] FIG. 2 illustrates a network configuration in 
which a network client 20 acts as a Java client 40. That 
is, some piece of Java-aware software running on the 
client 40 has identified a particular Java software com- 
ponent whose methods may be investigated and possi- 

40 bly used. 

Java-aware software includes Web browsers that con- 
tain a Java interpreter, stand-alone Java interpreters, 
and other software capable of browsing, gathering, and/ 
or interpreting Java code in its various forms. 
45 The desired software component is typically identified 
by one or more of the following: a Java class name, a 
Java package name, a Universal Resource Locator 
("URL"),a server identifier, a volume identifier, and a file 
path. However, the desired software component may al- 
so so be identified by a globally unique identifier ("GUID"), 
a universally unique identifier ("UU!D"),or by other 
means. 

The Java client 40 is connected by the network signal 
means 18 to a hash table computer 42. Alternatively, the 
55 client 40 and the hash table computer 42 may be the 
same computer. 

A Java has table 44 or equivalent structure resides on 
the hash table computer 42. Suitable structures 44 in- 
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etude hash tables; arrays; lists, including linked lists; bi- 
nary trees, B-trees, and other trees; stacks; queues; re- 
lational database tables; graphs; and other searchable 
storage structures useful to those of skill in the art for 
determining whether a particular cless or other software 
component has already been loaded by the class loader 
computer 42. 

As used herein, afile or structure or software component 
"resides on" a given computer if it is accessible to an- 
other computer on the network through the given com- 
puter. For instance, files which are managed by a con- 
ventional file server such as a NetWare file server reside 
on that file server. 

A component server computer 46 is also connected to 
the network by the signal means 18,One or more Java 
software components 48 reside on the component serv- 
er 46. As noted, only loaded software components are 
available to Java clients. Thus, any of the components 
48 which do not appear in the hash table 44 are not avail- 
able to the Java client 40, even if the client 40 has ac- 
cess through the network to the files that contain the 
components 48. 

The signal means 18 also connects a database manag- 
er 50 to the network. The database manager 50 man- 
ages a database 52 which contains one or more data- 
base objects or entries 54. 

[0043] As used herein, "database object" refers to a 
specific kind of "database entry". Each database object 
or entry 54 associates a component identifier 56 with a 
component locater 58. In one embodiment, the data- 
base manager 50 comprises Novel NDS software and 
the database 52 comprises an NDS database. 
[0044] FIG. 3 further illustrates an embodiment of one 
software component 48 in the form of a Java compo- 
nent. The Java component 48 includes byte codes 70 
capable of being interpreted and executed by a virtual 
machine in a Java interpreter. Suitable byte codes 70 
include, without limitation, those stored in files normally 
named with a "class" suffix. 

The component 48 may also include one or more meth- 
ods 72, one or more objects 74, and/or one or more in- 
terfaces 76. Methods, objects, and interfaces are dis- 
cussed in Java Programming Language and other com- 
mercially available references on Java. 
[0045] FIG. 4 further illustrates an embodiment of the 
database manager 50 and the database 52. The data- 
base manager 50 comprises a directory services pro- 
vider 80 and the database 52 comprises a hierarchical 
synchronized-partition database 82 that is maintained 
by a network operating system or other program. One 
suitable database 82 comprises an NDS database. One 
suitable directory services provider 80 comprises Novell 
NDS software maintained by the NetWare network op- 
erating system. NDS provides a schema 84 that con- 
tains definitions of attribute syntaxes 86, database 
classes 88, and attributes 90. One embodiment utilizes 
the existing NDS schema 84 and simply interprets da- 
tabase values according to the present invention. 



As illustrated in FIGS. 2 and 4-6, alternative embodi- 
ments according to the present invention extend the 
NDS scheme by defining component database objects 
such as the Objects 92,94. Each embodiment associ- 

5 ates component identifiers 56 with component locators 
58 by placing an identifier attribute 96 and a binary lo- 
cater attribute 98 or 100 in an NDS database object 92 
or 94, respectively. In each case, the identifier attribute 
96 contains a Java class identifier. Either or both type 

f 0 of database object 92, 94 may be utilized in a given da- 
tabase 82. 

[0046] In the embodiment shown in FIG. 5, the binary 
locator attribute 98 has a universal naming convention 
file name as its value. The file name identifies the file 
15 system location of the file that contains the byte codes 
70 (FIG. 3) of the software component 48 that is identi- 
fied by the Java class name in the identifier attribute 96 
of the database object 92. 

[0047] The embodiment shown in FIG. 6 the binary 
20 locator attribute 100 has a stream as its value. The 
stream provides direct access to the byte codes 70 (FIG. 
3) of the software component 48 that is identified by the 
Java class name in the identifier attribute 96 of the da- 
tabase object 94. The byte codes 70 in the stream may 
also correspond to multiple classes (The identifier at- 
tribute 96 may be multi-values) if the byte codes for in- 
dividual classes are "wrapped" or otherwise aggregated 
into a format suitable for streaming, such as the familiar 
\zip format. 

In alternative embodiments of the present invention, the 
database objects 92, 94 also contain Java descriptor at- 
tributes, licensing attributes, attributes which store infor- 
mation that is found in hash table files 44, attributes 
which store information that is useful in managing NDS 
databases, or a combination thereof. 
[0048] FIGS. 4 and 7 illustrate one method according 
one the present invention. During a creating step 110, a 
database entry or object 54 is created. Suitable data- 
base entries and objects 54 associate Java software 
component identifiers 56 with Java software component 
locators 58, as illustrated in FIGS. 2 and 4-6. In embod- 
iments which comprise NDS database objects such as 
the objects 92 or 94, those of skill in the art will readily 
create such objects through appropriate calls to com- 
mercially available NWDSxxx( ) functions and other 
well-known means. 

[0049] With reference to FIGS.2 and 7, during an 
identifying step 112 the Java client 40 identifies a spe- 
cific desired Java software component and checks the 
local hash table 44 to see if the desired component is 
already loaded. The desired component is identified by 
one or more of the following: URL, server name, direc- 
tory path, file name, class name, package name, CLSID, 
GUID, UUID, and/or an equivalent component identifier 
or class identifier. If the desired component is found in 
the structure 44, it is already loaded, and steps 114 
through 120 are skipped. In one embodiment, a human 
user directly initiates steps 114-120 in response to an 
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error message when an tempt is made to use a class 
that is not already loaded. 

In a preferred alternative embodiment, the Java-aware 
browser or other program is extended so that at least a 
portion of steps 114-120 is performed automatically by 
the extended program if the desired component is not 
yet loaded. This may be accomplished by providing a 
suitable loadClass ( ) method in an extension class of 
the ClassLoader class. A familiar loadClass ( ) method, 
such as that described in Java Programming Language, 
is modified as follows: 

loadClass ( ) is placed in a class NDSCIassLoader 
which extends ClassLoader; 
NDSCIassLoader.loadClass ( ) is the method in- 
voked by the Java-aware software; 
NDSCIassLoader.loadClass ( ) provides the Java- 
aware software with access to NDS through an NDS 
browser, using familiar GUI code with a native code 
library or a Java library that provides the function- 
ality found in Novell's commercially available 
NWAdmin utility and/or NWDWxxx( ) library API or 
the like; 

licensing software queries either the user or config- 
uration information on the network 10 (FIG.1 ) to ob- 
tain keys or agreements to licensing conditions, and 
to notify the user that licensing is in effect, and then 
provides the information NDS requires to enforce 
license restrictions and manage use metering, be- 
fore NDS will release the byte codes 70; 
security or access control restrictions imposed by 
NDS are handled in a manner similar to licensing 
enforcement, with the necessary information being 
obtained from the user or login files or the like, and 
access to the byte codes being denied when a se- 
curity breach appears likely; 
"glue" software is provided which passes Java class 
identifiers 96 and locators 98, 100 from the NDS 
browser to a more familiar portion of the NDSCIass- 
Loader. loadClass () method, which then locates the 
byte codes 70 and loads them using the NDS ac- 
cess library. 

The present invention thus extends the reach of the 
hash table 44; if the desired component is not loaded, 
a querying step 114 queries the database manager 50. 
Alternatively, software performing the querying step 114 
may access the database 52 directly. Suitable software 
includes, without limitation, NDS software and Internet 
search engines. The present invention also uses NDS 
to enforce access, security metering, and licensing re- 
strictions. Programmers will appreciate that the steps 
described above need not be invoke directly from within 
a loadClass() method, but may also be invoked by other 
methods which coordinate with a less complex and 
more conventional loadClassQ embodiment. 
[0050] In either embodiment, the querying step 114 
includes accessing the database 52 and searching it to 



locate any entries 54 which contain the desired compo- 
nent's identifier. If no database entry or object 54 corre- 
sponding to the specified Java component identifier is 
located by the search, the Java client 40 is informed. 
5 The client 40 must then proceed as best it can without 
the desired class. 

[0051] However, if the search succeeds, one or more 
database entries or objects 54 containing the desired 
component identifier are selected. The associated loca- 
10 tion of the desired component's byte codes 70 (FIG. 3) 
is determined by extracting it from the database entry 
or object 54 during an extracting step 116. Extraction is 
accomplished by means familiar to those of skill in the 
art 

* 5 [0052] The extracting step 1 1 6 may include extraction 
of licensing information such as the value of a licensing 
attribute kept in a component database object 92 or 94. 
Steps may then be performed to ensure that licensing 
requirements will be met. Depending on the circum- 
stances, suitable steps include offering the user a li- 
cense agreement, initiating usage metering, debiting an 
existing account, or taking other steps familiar to those 
of skill in the art of licensing software. 
[0053] During a transferring step 118, any necessary 
transfer of the desired component over the network to 
make it reside on the Java client 40 is performed. If the 
desired component already resides on the Java client 
40 but was unavailable because it had not yet been load- 
ed, no transfer is made.A portion of the transferring step 
118 varies according to the details of the database ob 
ject 54 used. Streams such as those specified in the bt 
nary locator attribute 100 (FIG. 6) are opened as 
streams, a temporary file residing on the Java client 40 
is created, and the stream data is transferred over the 
network into the temporary file. Files specified in the bi- 
nary locator attribute 98 (FIG. 5) are copied or moved 
as the user specifies, with copying being the preferable 
default. 

[0054] During an updating step 1 20, the hash table 44 
that resides on the Java client 40 is updated to reflect 
the loading of the desired software component. In some 
embodiments, a predetermined value or flag is included 
in the hash table entry to permit easy identification of 
entries made according to the present invention. This 
value facilitates removal of such entries, as well as mak- 
ing it easy for system administrators to obtain statistics 
regarding use of the present invention. 
Finally, during a utilizing step 122, the hash table infor- 
mation and then the desired software component itself 
are utilized by the Java client. This is accomplished in 
a manner well-known in the art. 

[0055] FIG. 8 also illustrates a method of the present 
invention. During an accessing step 130, browsing soft- 
ware accesses a database such as the database 52 
(FIG.2) which associates software component identifi- 
ers 56 with software component locators 58. The ac- 
cessing step 1 30 may include a reading step 1 32 to read 
the identifier 56 and a reading step 134 to read the lo- 
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cator 58, if the browsing identifies a component of inter- 
est, or the accessing step 1 30 may not look beyond tex- 
tual descriptions and the like, if no components are suf- 
ficiently interesting to be ioaded. 
The accessing step 130 may also include steps 
136,138, and 104 which verify access rights, verify li- 
cense status, and update license metering, respectively. 
For instance, the access verifying step 136 enforces 
read, write and permission-granting privileges based on 
the user's identity, group membership location, o other 
criteria. Details of such security enforcement are well- 
known in the art; the main point to be made here is that 
the current invention makes the security enforcement 
mechanisms of NDS available on a component-by-com- 
ponent basis to protect integrity and secrecy of individ- 
ual Java classes. As a result, security is based on well- 
understood criteria, such as whether one is a system 
administrator or not, rather than being based on blanket 
restrictions like those imposed on Java applets. 
Likewise, the licenses status verifying step 138 can en- 
force license restrictions, such as the maximum number 
of concurrent users, on a component-by-component 5e. 
g., per Java class) basis, providing finer granularity than 
enforcement mechanisms that treat an entire program 
or library as the smallest unit that can be licensed. 
[0056] The metering step 140 can similarly note the 
starting time and ending time of use of an individual Java 
class, allowing charges for use of software components 
to more accurately reflect the actual use, thereby en- 
couraging use of Java classes. 

The method includes a step 1 42 of selecting a software 
component which is identified in the database as a result 
of the accessing step 130. Selection can be accom- 
plished using a familiar GUI, or can be performed auto- 
matically by a Java-aware program which is seeking a 
particular class or a class having predetermined char- 
acteristics. As indicated in FIG.8, security or licensing 
steps 1 36, 1 38, and/or 1 40 may be performed either be- 
fore or after a component is selected, depending on the 
method of operation desired in a given embodiment. 
After a component has been selected, its current (initial) 
location is determined during a step 144. This may be 
accomplished by reading the locator attribute 98, 100 
(FIGS.5,6. Alternatively, the location of a component 
may be considered when deciding whether to select the 
component during the step 142. 
Finally, the selected software component is loaded onto 
the class loader computer 42 (FIG.2 during a step 146. 
This may be accomplished using a loadClass ( ) method 
as discussed above. Indeed, many of the mechanisms 
and means used to accomplish the steps shown in FIG. 
7 may also be readily used by those of skill to accom- 
plish the steps shown in FIG.8. 
[0057] The present invention provides a novel ap- 
proach which effectively extends the scope of Java soft- 
ware component repositories beyond a local computer 
or file system to the networks that communicate with the 
local computer. These communicating networks may be 



other local area networks, wide area networks, or even 
the worldwide Internet. Widespread use of software 
components, subject to appropriate licensing and secu- 
rity restrictions, is thereby promoted. Embodiments of 
5 the present invention are fully compatible with exciting 
Java hash table files, and they eliminate the need for ad 
hoc approaches that require multiple (possibly incon- 
sistent) copies of hash tables orfail to scale well to many 
LAN's. 

10 [0058] AH descriptions identified herein by citing spe- 
cific topics or pages in Java Programming Language, 
Internet Guide, and NetWare 4 are incorporated herein 
by reference. In the event of a conflict, descriptions pro- 
vided directly herein take precedence over those incor- 

15 porated by reference. 

[0059] Although particular methods embodying the 
present invention are expressly illustrated and de- 
scribed herein, it will be appreciated that apparatus and 
article embodiments may be formed according to meth- 

20 ods of the present invention. Unless otherwise express- 
ly indicated, the description of apparatus and articles of 
the present invention extends likewise to corresponding 
methods. 

25 

Claims 

1. A method for managing software components in a 
network of computers, each software component 

30 referring to at least one class definition, the network 
including at least one class loader computer capa- 
ble of loading such a software component, the net- 
work also including at least one component server 
computer distinct form the class loader computer, 

35 the method comprising the steps of: 

accessing a synchronized-partition database 
which associates software component identifi- 
ers with software component locators; 
40 - selecting a software component which is iden- 
tified in the database as a result of the access- 
ing step; 

determining an initial location of the software 
component selected during the selecting step, 
45 the initial location being outside the synchro- 

nized-partition database; and loading the se- 
lected software component onto the class load- 
er computer. 

50 2. The method of claim 1 , wherein the software com- 
ponent selected during the selecting step compris- 
es a Java software component. 

3. The method of claim 1 , wherein the accessing step 
55 comprises accessing a hierarchical synchronized- 
partition database maintained by a network operat- 
ing system. 
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4. The method of claim 3, wherein the accessing step 
further comprises reading an identifier attribute val- 
ue and reading a locator attribute value. 

5. The method of claim 4, wherein the identifier at- 5 
tribute value corresponds to a Java identifier and 
the locater attribute value corresponds to a univer- 
sal naming convention file path. 

6. The method of claim 4, wherein the identifier at- io 
tribute value corresponds to a Java identifier and 

the locator attribute value corresponds to a stream 
containing a Java software component. 

7. The method of claim 1 , wherein the selecting step *5 
comprises accessing a directory services data- 
base. 



8. The method of claim 1, wherein the selecting step 
comprises selecting a software component tat re- 
sides on an Internet server. 



20 



9. A method for managing Java classes in a network 
of computers, the network including at least one 
class loader computer capable of loading a Java 25 
class, the network also including at least one class 
server computer distinct from the class loader com- 
puter, the method comprising the steps of: 

accessing a hierarchical synchronized-partition 30 
database which associates Java class identifi- 
ers with Java class locators; 
selecting a Java class which is identified in the 
database as a result of the accessing step; 
determining an initial location of the Java class 35 
selected during the selecting step; and loading 
the selected Java class from the class server 
computer onto the class loader computer. 

10. A computer storage medium configured by storage *o 
therein of a directory services database object cor- 
responding to a software component in a network 
of computers, each software component referring 
to a Java class, the database object capable of re- 
siding in a hierarchical, synchronized-partition da- 
tabase and having a plurality of attributes, each at- 
tribute having a name, a syntax, and a current val- 
ue, the syntax limiting the values assumed by the 
attribute, the plurality of attributes comprising an 
identifier attribute having a current value which 50 
identifies a Java software component, and a locator 
attribute having a current value corresponding to 
the location of the Java software. 
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